* On 18/05/06 09:37 -0300, "Lu�s Fernando C. Talora" wrote:
| Fellows,
|
| To protect dummy users against themselves, I�ve put a few rules on my
| Squid server to prevent them on downloading some potentially dangerous
| files by its extensions, such as .exe, .zip, .bat, .scr, and so on. Part
| of the "regex" files for those rules follow:
|
| \.com$
| \.scr$
| \.bat$
| \.pif$
| (...)
|
| However, an user recieved a mail message with a link to some "virtual
| card" (witch was, indeed, some kind of trojan) and I�ve noticed that
| Squid allowed the user to download the file. The link follows:
|
|
| http://www.mikes.educv.ro/albums/cartao.scr?4d325356ae47122a6e7b8f1f07cae26d
|
| It is quite impressive how the bad guys create ways to bypass the
| proxy... If the URL do not end with the ".xxx", the rule is easily
| bypassed. So I�ve tried the following:
|
| \.scr[\?\&]?.*
|
| It worked, but too many pages were blocked by mistake. Then I�ve thought
| on this:
|
| \.scr$
| \.scr[\?\&]
|
| It probably works, but I didn�t try it, but I doesn�t seem to be the
| best way to do it (I would need to create to lines for each blocked
| extension). My question is: is there an easier way to do that? I mean, a
| single rule that work in both cases (the file extension followed by the
| "?" - ou the "&" - in the meedle of the URL or in the end of URL).
It's time to integrate a true content filter, like Dansguardian[1],
which will (when integrated with an Anti-virus) do real scanning of
all content. Squid can then do what is was born for - caching/proxying.
[1] http://www.dansguardian.org
-Wash
http://www.netmeister.org/news/learn2quote.html
DISCLAIMER: See http://www.wananchi.com/bms/terms.php
-- +======================================================================+ |\ _,,,---,,_ | Odhiambo Washington <wash@wananchi.com> Zzz /,`.-'`' -. ;-;;,_ | Wananchi Online Ltd. www.wananchi.com |,4- ) )-,_. ,\ ( `'-'| Tel: +254 20 313985-9 +254 20 313922 '---''(_/--' `-'\_) | GSM: +254 722 743223 +254 733 744121 +======================================================================+ Real programmers don't bring brown-bag lunches. If the vending machine doesn't sell it, they don't eat it. Vending machines don't sell quiche.Received on Thu May 18 2006 - 06:45:39 MDT
This archive was generated by hypermail pre-2.1.9 : Thu Jun 01 2006 - 12:00:02 MDT